IBM acquires Trusteer to boost cybersecurity expertise

ATMs are often a target of hackers, but the technology of Trusteer can help detect and prevent hacking. Now IBM has bought Trusteer and added it to its security division.

ATMs are often a target of hackers, but the technology of Trusteer can help detect and prevent hacking. Now IBM has bought Trusteer and added it to its security division. (Simon Dawson / Bloomberg)

Paresh Dave

Recognizing the growth in online payments and the increasing number of targeted cyberattacks on big companies, technology giant IBM is making the first major expansion of its nearly 2-year-old security division.

On Thursday, IBM announced an agreement to buy Trusteer, a cybersecurity firm whose clientele includes seven of the top 10 U.S. banks. Trusteer’s team in Israel will become the cornerstone of a new IBM cybersecurity research and development center in Tel Aviv. Terms of the deal were not disclosed, but an Israeli media report said the price was close to $1 billion.

To counter financial fraud, Trusteer helps banks produce digital "fingerprints" of devices used in the login process. For instance, it can identify customers who are logging in from devices that have malicious software installed on them. It can then block a subsequent attempt from a brand new device that likely belongs to a hacker who had been using monitoring the keystrokes on the real account owner’s malware-infected device. The block keeps an account from being taken over.

“The push here is to keep up with acceleration and expansion of consumers doing e-commerce,” said IBM’s Marc van Zadelhoff, vice president of strategy and product management. “The biggest favor we can do for consumers is make sure this technology is pervasive.”

At large companies, one of Trusteer’s other products can be used to cut the life out of viruses and other malicious programs by denying them access to the Internet. One of the most prevalent types of cyberattacks right now involves sending people an email that draws them to a website. Once there, a package is secretly downloaded that can turn the device into a robot fully controllable by the hacker.

“We basically detect that an app is behaving in a way that’s one of the ways we’ve approved, or it’s an app that we haven’t approved and we break the attack,” Trusteer president of marketing Yishay Yovel said.

The approach allows known and unknown problematic apps to be shut down -- whether it comes from the Web, an app store or a USB drive. That’s different than virus scans, which typically rely on a sample of bad programs and thus are limited to blocking known attacks. Yovel said about 30 million devices are protected by Trusteer’s product, known as Apex. Only a handful run into false positives each day.

Yovel said joining IBM’s operations should help it expand beyond its focus on financial firms and online shopping destinations in the U.S. and U.K.

“We can get after every large bank in the world,” he said.

Van Zadelhoff said IBM has acquired 12 other security companies in recent years. Still, customers were demanding the financial fraud and advanced malware detection expertise that Trusteer had.

“It takes a lot of analytics to detect these subtle threats -- to find the needle in the haystack,” he said. “We had to make an investment to stay ahead of the hackers and fraudsters.”